<?php
include('include/config.inc.php');
if(!isset($_SESSION['s_activId']))
{
  $_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
  header("Location:checkLogin.php");
}
else
{
  $msg = "";
  if(isset($_POST['oldPassword']))
  {
  	
      $selectQuery = "SELECT password
                        FROM user
                       WHERE userName = '".$_SESSION['s_activId']."'
                         AND password = '".md5($_POST['oldPassword'])."'";
      $selectQueryResult = mysql_query($selectQuery);
      $NumRow=mysql_num_rows($selectQueryResult);
      if($NumRow > 0)
      {
        if($afectedAny = mysql_fetch_array($selectQueryResult))
        {
            $afectedAny['password'];
          if($afectedAny['password'] == md5($_POST['oldPassword']))
          {
            $updateQuery = "UPDATE user
                               SET password = '".md5($_POST['newPassword'])."'
                             WHERE userName = '".$_SESSION['s_activId']."'
                               AND password = '".md5($_POST['oldPassword'])."'";
            mysql_query($updateQuery);
            header("Location:./index.php");
          }
        }
      }
      else
      {
      	$msg="Old Password Is Incorrect.";
      }
  }
  include("./bottom.php");
  $smarty->assign("msg",$msg);
  $smarty->display("changePwd.tpl");
}
?>